Proofpoint TAP - Critical for Email Security
Proofpoint Targeted Attack Protection (TAP) is very helpful in detecting threats that come through mail. It keeps track of URL accessed …
Overview
What is Proofpoint Targeted Attack Protection (TAP)?
Proofpoint Targeted Attack Protection (TAP) helps organizations efficiently detect, mitigate and respond to known and unknown advanced threats that target people and VIPs through email. TAP provides unparalleled effectiveness in stopping targeted attacks that use polymorphic malware, weaponized documents and…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Proofpoint Targeted Attack Protection (TAP)?
Proofpoint Targeted Attack Protection (TAP) helps organizations efficiently detect, mitigate and respond to known and unknown advanced threats that target people and VIPs through email. TAP provides unparalleled effectiveness in stopping targeted attacks that use polymorphic malware, weaponized…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
13 people also want pricing
Alternatives Pricing
What is Avanan?
Avanan, from Check Point since the August 2021 acquisition, connects security technologies to enterprise cloud applications in order to improve protection of sensitive corporate data and IP. According to the vendor, Avanan's one-click deployment allows customers to deploy a new security solution in…
What is KnowBe4 PhishER/PhishER Plus?
PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…
Product Details
- About
- Tech Details
What is Proofpoint Targeted Attack Protection (TAP)?
Proofpoint Targeted Attack Protection (TAP) helps organizations efficiently detect, mitigate and respond to known and unknown advanced threats that target people and VIPs through email. TAP provides unparalleled effectiveness in stopping targeted attacks that use polymorphic malware, weaponized documents and credential-stealing phishing techniques to obtain sensitive information. TAP seamlessly integrates with the Proofpoint secure email gateway (Proofpoint Email Protection) to deliver best-in-class email security in a way that is cost effective and easy to use. TAP leverages the cloud to scale deployment, adapt analysis and protect people on any network or device.
With Proofpoint Targeted Attack Protection (TAP), you can:
- Provide sophisticated analysis to prevent threats from getting to a user's inbox.
- Detect known and unknown threats using adaptable analysis capabilities.
- Provide security teams detailed analysis and visibility about threats and threat campaigns.
- Provide visibility into threats targeting the Very Attacked People (VAP) in an organization.
Proofpoint Targeted Attack Protection (TAP) Features
- Supported: Provide sophisticated analysis to prevent threats from getting to users inbox.
- Supported: Detect known and unknown threats using adaptable analysis capabilities.
- Supported: Provide security teams detailed analysis and visibility about threats and threat campaigns.
- Supported: Provide visibility into threats targeting the Very Attacked People (VAP’s) in an organization
Proofpoint Targeted Attack Protection (TAP) Technical Details
| Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Windows, Linux, Mac |
| Mobile Application | No |
Comparisons
Compare with
Reviews and Ratings
(65)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Pros
- Cons
Effective URL Blocking: Several users have praised Proofpoint TAP for its effective URL Blocking feature, which has prevented malicious URLs from infiltrating their systems. This feature not only alerts users about potential compromises but also provides concise threat context, enabling them to understand the nature of the threats they face.
Integration with Proofpoint TRAP: Many reviewers have valued the seamless integration between TAP and Proofpoint TRAP. By combining these two solutions, users are able to streamline their workflow and enhance security measures. The integration detects spam and phishing emails, providing an added layer of protection against cyber threats.
Accurate Attachment Detonation: Users have expressed high satisfaction with TAP's sandbox attachment detonation feature. This functionality effectively vets attachments for threats, allowing users to confidently analyze email attachments without risking system compromise. The ability to detect malicious attachments and boast a false positive rate of less than 0.001% over three years has been particularly impressive to reviewers.
Cumbersome Admin Web GUI: Users have mentioned that the admin web GUI is difficult to navigate and understand, leading to a steep learning curve. Several reviewers expressed frustration with the unclear interface and the need to constantly stay updated on new features.
Lack of Communication on New Features: Users have expressed frustration with Proofpoint's lack of communication when new features are added to their toolbox. Some users felt left in the dark about updates and wished for better transparency from the company.
Difficulty in Automating Custom Report Emails: Several users mentioned the inability to automate custom report emails like with Proofpoint Secure email. This inconvenience makes it time-consuming for administrators who rely on automated reports for efficient management.
Attribute Ratings
Reviews
(1-25 of 33)Companies can't remove reviews or game the system. Here's why
January 16, 2024
Proofpoint TAP - Critical for Email Security
Proofpoint Targeted Attack Protection (TAP) is very helpful in detecting threats that come through mail. It keeps track of URL accessed by user in mail which is deemed suspicious after delivery of it.
Threat description in sandbox is very helpful for further triaging.
Isolation browser is another good feature which allows you to browse malicious website without risk of infection.
Threat description in sandbox is very helpful for further triaging.
Isolation browser is another good feature which allows you to browse malicious website without risk of infection.
- Sandboxing of threat
- Description of rewritten & non-rewritten helps in triaging
- Isolation browser
- Threat description & tagging
- Detailed description of threat
- Mail quarantine option should be introduced like in TRAP
- Reduce false positive for impostor alerts & URL defence
- Need to focus on integration of TAP with other EDR relation technologies
November 20, 2021
TAP in my own perspective as a user
Score 9 out of 10
Vetted Review
Verified User
Its use as our email protection defense for phishing emails. Another layer of protection is malicious emails are not blocked. When URLs are rewritten and clicked by the user, we get an alert and actioned accordingly. Use in the whole organization. Sometimes it creates a lot of False Positives and too much noise.
- Rewrite URL
- Blocked malicious URL
- Reporting
- Alerted for possible compromise
- Reduce false positive for impostor alerts
- I have noticed that if the URL is long, sometimes it's not being rewritten so the layer of protection is not there
- More proactive approach rather reactive to avoid possible compromise
November 11, 2021
Great product!
Currently, at my organization, Proofpoint Target Attack Protection, also known as TAP, is used by the SOC and also our Threat Intelligence team. The SOC uses it by researching emails that they get alerted on, and the cyber threat intelligence team uses it to research campaigns that target our organization.
- Details on specific malicious email campaigns
- Details on the users that are targeted by those campaigns
- Use of API's to be used with other cyber tools your company has
- Insight on the types of malware and types of campaigns
- Better user import capabilities
- MITRE alignment
- Stronger campaign capture
April 01, 2021
Proofpoint TAP a product that just works!
Proofpoint Targeted Attack Protection is a rock solid application that just works.
- Anti Spam
- Anti Malware
- Upgrades on the on-premise version can sometimes fail to install
November 21, 2020
TAP away those threats!
Proofpoint Targeted Attack Protection is used across our entire company covering all email domains.
- URL rewrite feature is extremely useful for finding users at risk
- Very attacked people is great for end user awareness targeted training
- The dashboard is very intuitive and has useful data for reporting efficacy
- Small issue but it would be great if they got on board with SAML 2.0 authentication for the dashboard
- Would be nice to combine PPS and TAP dashboards into one view for reporting
January 23, 2020
Proofpoint TAP is powerful but expensive
Proofpoint TAP is used on a shared service mail gateway cluster by our outsourcing services clients. The URL protection prevents users from open websites with malware content. The attachment analyzer is able to detect malware in email content before the mail enters the client's environment and before the standard antispam engine checks the attachment.
- URL protection with a cloud-based Proofpoint database.
- Attachment analysis and removal of potentially dangerous content.
- Support for different languages in international environments for URL protection functions.
November 29, 2019
Email threat protection for loosely connected devices
Proofpoint Targeted Attack Protection is being used across the entire organization for both inbound and outbound email protection. We currently have TAP integrated with PPS and the Threat Response product form Proofpoint. This system has drastically reduced our mean time to detect and respond to email-related attacks. Our previous tool for this effort was O365 ATP. Proofpoint TAP is far superior at detection and response than what O365 ATP provides.
- Detecting post-delivery weaponization of URLs.
- Attachment inspection and detection.
- Email retrieval once an incident is detected.
- Select the treatment of VIP users that allows for enhanced protection.
- Proofpoint TAP provides great insight into attack campaigns.
- It allows for faster response to zero-day attacks.
- User-interface could use improvement.
- Better details on detonation information emails from my own organization. Show me exactly what email and path from the sandbox.
We use Proofpoint Targeted Attack Protection for our entire organization. Our security team uses it every day to look into/analyze different threats that we are seeing coming into our network via email. We have the alerts set up to get us looking into the "critical" events, but we can use the data in the platform every day. It helps us realize how well Proofpoint Email Security is doing, and provides great stats/numbers for us to give to management to show what has been accomplished.
- Usability - The product is very easy to use, and begins giving a lot of valuable information immediately.
- Detail - The amount of detail for each threat is great, and helps us with "proving" there may be a problem somewhere.
- Defense - The URL rewrite function and sandbox function are great, and we saw immediate return from just those.
- Sandboxing can be slow at times, but that is understandable, but hard to explain to end users.
- URL rewrite takes time for the users to get used to the fact that every URL now looks "phishy".
November 06, 2019
Proofpoint Targeted Attack Protection - it works pretty well!
Proofpoint Targeted Attack Protection is used across our entire organization worldwide, which includes 15 global offices. It provides next-gen email security for Advent.
- Messages with malicious URLs are blocked/quarantined and kept out of end-users mailboxes
- Sometimes you'll get a TAP warning that messages with malicious content were already delivered to users mailboxes BEFORE the Proofpoint algorithm detected them as malicious.
October 29, 2019
Proofpoint is at next level
We are using Proofpoint currently for email security and this is for our global level implementation. We have also integrated it with our firewall Palo Alto too.
- We have been observing TAP is working well and also the integration with Palo Alto is working great.
- Having a very good experience with Proofpoint support and very super support from them. However we have not been notified of any new updates. Not sure, if these updates have already been sent to procurement team, but not the Allegis support group.
- We do see the TAP dashboard also has a URL for rewriting details and email alerts too, which will help us to identify the actual threats and also we can report them if the attack is a false positive as well.
- In the search pane, we could have more detailed information and which may useful while validating the incoming email for the engineers.
- I do agree no product is able to block any sort of new malware/phishing attacks, but I have been observing unless we are reporting it Proofpoint is unable to identify a threat in some cases (and after the virus engines have been updated). This could be improved.
- Also in few cases, the email might get blocked if we add the IP to our blacklist policy route. However there is no sign of email activity from that source. We should at least be able to see that info.
TAP helps mitigate targeted attacks, and also helps with researching what was attempted, and helps identify people who are more at risk (ie, if they clicked a link, etc)
- Concise threat context
- URL rewriting
- I don't find the TAP portion of the product to be deficient. I think it's easy to use and is extremely helpful.
October 22, 2019
Proofpoint just works
Proofpoint's TAP product rewrites all URLs contained in emails that come to all of our email domains. The rewritten URL is substituted in place of the original link so that when the user clicks on it, instead of automatically taking the user to where the link points, it opens that site in a sandbox on a Proofpoint server before it approves or denies the destination based on anaylsys of what happens in the sandbox. Uusually they catch malicious URLs immediately although sometimes it takes them a few minutes or even a couple of hours, but eventually they notice nearly all of them, preventing my end users from infecting our PCs by clicking.
- Rewrites URLs in all our emails and very rarely misses one
- it works very well to protect our users from themselves and their bad habits
- Their admin web GUI is cumbersome and unclear in many ways. The learning curve is steep so you have to stay up on things yourself whenever a new feature or service is added.
- They sometimes add a feature to their toolbox without informing their customers. This is true even when the feature added does not cost extra.
September 11, 2019
TAP has saved us multiple times against post malware threats.
Proofpoint Targeted Attack Protection for Email (TAP) is being used by our entire organization as a second defense against email malware. If email malware does initially get by Proofpoint Secure email, TAP catches it and notifies us of the breach and goes further to protect us with rewritten URLs.
- We receive email TAP alerts when malicious email gets past the Proofpoint Secure Email product.
- TAP provides very a detailed analysis of the any email malware that potentially reaches our end users.
- The overall reporting from TAP is very beneficial, especially the way it will compare our organization to similar organizations.
- I have not found a way to automate emailing me custom reports like I can do with Proofpoint Secure email.
- Sometimes you have to click through multiple links to get to the details of a malware email.
September 10, 2019
Ahead of its time!
TAP is used strictly by our Information Security department. It is very beneficial to us in two ways. Phishing attacks and our VAPs. The way that TAP seamlessly integrates with our company is unparalleled to any other product. We are able to train our users better with the knowledge we gain from TAP.
- The best software for gaining better cyber awareness of your company!
- Intelligence like no other!
- Allows faster response and more efficient workflow!
- When an alert is made sometimes some information is lacking.
- Other than that, no complaints.
August 29, 2019
TAP for Protection
Proofpoint Targeted Attack Protection for Email is being used across our entire organization. It helps protect our users from emails that may contact malicious code in an attachment or a link that may take them to a site where their credentials can be compromised. Ultimately it protects our customers' information in turn.
- Stopping attachments, bad URLs, and embedded malicious code.
- Sometimes there is a delay in detecting the threat, and by that time it has been delivered to a mailbox and the user may have clicked on a URL or opened an attachment.
- Added functionality is in separate add-on modules at a cost.
- TAP dashboard could be made easier to navigate to gather details of the threat.
August 26, 2019
Couldn't survive without it!
Proofpoint Targeted Attack Protection (TAP) is used across the entire organization. This solution provides for URL rewrites and safe attachments. With email critical to our business (like everyone else) this extra level of protection is absolutely necessary given the phishing attacks that are at an all-time high. We are notified of any actions that result in a user clicking something that is later determined to be malware or phishing.
- URL defense.
- Safe attachments.
- Detection and incident response.
- The administrative user interface could be a bit more intuitive.
- Notifications are still somewhat cryptic when an event is identified.
- This feature is a separate cost from standard email protection.
Proofpoint TAP is being used by our entire organisation, which is a multi-national company with offices in central Europe. With TAP, we are able to see malicious attachments & links that are being sent to our organisation. It gives us excellent insights into our users and what sort of attacks we are seeing come in.
- URL rewriting. TAP can rewrite URLs to obfuscate potentially harmful links. And if it is harmful, then we can see this in the dashboard and respond appropriately.
- Attachment defense is particularly impressive. We see 99% of attachments which are potentially malicious being blocked.
- Reporting. The reporting in TAP is fantastic and provides great insight into our organisation. It's the sort of reports the senior management are interested in.
- The dashboard can be a bit tricky to understand. There is a lot of info, and it can be confusing at first to figure out what certain phrases mean.
- Drilling down into attack dashboards, I would expect some items to be clickable to get more info. But they are not which means I have to search around for the information I want.
- Again, the effectiveness dashboard does not have a lot of clickable elements, but they look like they should be which is frustrating.
August 15, 2019
Peace of mind at a reasonable price
We are using Proofpoint to scan and inspect all inbound mail and it is at the forefront of protecting all of our end-users from email-based attacks. We also utilize their encrypted mail features for sending secure mail to customers. I have had to work with other products in this space, such as Barracuda and Cisco IronPort, all of which are great products; however, I would rank my experience with Proofpoint (so far) above any of them in its effectiveness and support.
- URL re-writing and sandboxing is very effective.
- Need to find a solution to e-mails with links to cloud-based documents with malicious payloads.
August 13, 2019
Happy with Proofpoint TAP.
The whole group is using Proofpoint TAP inherently. It is part of the email protection solution package. The TAP part works great with the TRAP appliance at the moment a malicious email was found later. But utilizing the API, TAP can notify TRAP to auto pull the message from the user mailbox. Though there is a bug in it at the current version, making this not work for maybe 10% of the messages, it does work great for most messages.
- Finding threats.
- Reporting.
- Insight into the threats (sandbox results).
- Solve the bug with the TRAP integration.
- Have consistent look & feel with the other Proofpoint products.
August 08, 2019
Easy to use and accurate threat detection
We have been using the Proofpoint TAP for about 2 years now and I cannot imagine us not having it in our environment. We are constantly under attack and the TAP has been vital in helping to protect us from threats. We actually receive so many threats that I start to wonder if something is not working when I look at the TAP dashboard and it shows no threats at all! This is being utilized to protect our entire organization from email threats.
- Impostor email detection is a fantastic feature and works very well.
- The sandbox feature helps to ensure confidence that their evaluation of the email threat is valid.
- Easy to use (and understand) dashboard make identifying and managing email threats a breeze.
- Occasionally, we have a false positive or false negative, but those are easily corrected.
- Would like the ability to upload a file to have it automatically exploded via sandbox to determine threat.
July 30, 2019
Proofpoint TAP is on TAP
Targeted Attack Protection sends us alerts us via a detailed email if Proofpoint detects things such as an impostor email sent to one of our VIPs. This allows us to reach out to the user to make sure they are aware that the email is bogus so that they do not possibly give away any private information to the impostor.
- Detailed GUI
- Email alerts
- Stops impostor emails
July 23, 2019
Save your money and find something else
We purchased this for our full-time fac/staff and attempted to get this for our students as 'included' since they slipped by our legal to not include our students first off. We had to pay a ton to get the students included. Also, EOP based AV does a better job of blocking bad attachments. The best use case I can give you is if you put the phishing link inside a PDF TAP, it will send it on clean. MS AV will catch it every time. I watch the TAP alerts on misses, and I will pull the message with Get-Messagetrace and its details; sure enough, it got caught there!
- Slowing down mail flow for scanning.
- Limiting to a specific sub group of your org.
- Sending lots of mail unthrottled by default.
- Stopping bad mail.
- Hashing spam emails in a more efficient way.
TAP is an optional module for Proofpoint Email Security that can be licensed. It consists of "URL Defense" and "Attachment Defense." The first one is a mighty tool which provides security for inbound mail traffic by analyzing (and blocking) access to harmfull external URLs. 'Attachment Defense' is even mightier. As a company, you get a lot of emails with attachments, especially documents like PDFs or Microsoft Office file formats. Attachment Defense is a Sandbox cloud service provided by Proofpoint, which analyzes these files and checks if they contain bad content like malicious macros. All normal Antivirus scanners work signature-based, so they are not able to open a document like Adobe Reader or MS Office would do it. This is what Proofpoint Targeted Attack Protection does for you. Up to now, there is no other way to automatically check every attachment this way (Sandboxing).
- It's a carefree solution for automatic approval of (bad) attachments.
- A carefree solution for automatic approval of bad URLs.
- Alerts for admins if the attachments or allowed URL clicks afterwards turned out to be malicious.
- A lot of information about malware campaigns inside the TAP Dashboard, and useful info, like who's the most attacked target in your company.
- Expensive (but justified).
- A lot of German companies are very sensitive about their data and privacy. You have to trust Proofpoint here.
June 21, 2019
Proofpoint TAP Review
Proofpoint TAP is used as part of our email security strategy. Inbound emails are scanned by TAP for malicious attachments, links, and other indicators of compromise. Proofpoint TAP logs feed into our SIEM for investigation and correlation against other log data. TAP can also be used to input IOCs like URLS so that the emails are blocked before entering the environment. Today we receive two types of alerts from TAP, one lets you know that Proofpoint now recognizes this email to be malicious and the analysts can investigate and remediate. The second type of alert is that an individual has clicked on a link that is known bad. Then the analysts can search logs for if the user successfully made it to the website and input any data.
- Block malicious and phishing emails
- Alert of now known to be bad emails
- Threat intelligence for tracking campaigns
- Metrics and dashboards around email activity
- Ability to block additional IOCS instead of just URL
- Ability to integrate with threat intelligence platforms
- What they label as a false positive is not always a false positive
June 21, 2019
Proofpoint - The Proof is There
Targeted Attack Protection (TAP) for Email is used across the entire enterprise. TAP gives us a layer of protection against the numerous attack vectors that exist in the cyberworld.
- Attachment Defense. This component scans all attachments for malicious content, quarantining anything suspicious. This is a must have for any legitimate email protection product.
- URL Defense. With so many phishing attempts out there that try to lure the unsuspecting user into clicking a link to a malicious web site, URL Defense provide an invaluable safety net by encoding the URL and re-routing it to Proofpoint's "sandbox". If legitimate, it seamlessly redirects the user to the original URL. Despite your best efforts at education, a percentage of your end users will click the link. Knowing that TAP is sandboxing those links to test for malicious activity is protection we cannot live without.
- TAP Dashboard. This lets me see who's being targeted in my environment as well as provide metrics that tell me how effective the protection has been. We're able to identify our "VIP's" so that we can receive special alerets whey they come under attack.
- It's a stretch for me to find something that needs improvement. If I had to put at least one thing it would relate to URL Defense. The process works great but, there are times when you have to decode the encoded URL. Currently, the only place to do that is in the TAP dashboard. To save clicks and logins, it would be nice to have that decode functionality in the Proofpoint management console.
- No other issues.